Another option: http://support.kaspersky.com/viruses/rescuedisk?level=2
Roger Wright
___
My short term goal is to make it through the day.
My long term goal is to string a bunch of short term goals together.

On Thu, Oct 6, 2011 at 6:31 PM, John Aldrich <jaldr...@blueridgecarpet.com> wrote:

> What do you do if the machine won’t run it? I have two machines that both think the CD I just made is like 5 years old, and they won't allow me to update the definitions or anything.... :(
> Neither one is really "critical" but I can't replace 'em right now...
>
> From: Roger Wright [mailto:rhw...@gmail.com]
> Sent: Thursday, October 06, 2011 3:56 PM
> To: NT System Admin Issues
> Subject: Re: Torpig/Anserin/Mebroot infection
>
> Yeah... give the one from Microsoft a try:
> http://connect.microsoft.com/systemsweeper
>
> Roger Wright
> ___
> My short term goal is to make it through the day.
> My long term goal is to string a bunch of short term goals together.
>
> On Thu, Oct 6, 2011 at 3:28 PM, John Aldrich <jaldr...@blueridgecarpet.com> wrote:
>
> Well, we blocked the IPs of the C&C server at the firewall, and theoretically, I should have had some hits on the firewall overnight, but I never did, so I don't know what's going on. Unless/until I can find something to point me towards a good way to find this sucker, I'm going to call it "resolved."
>
> I did contact Sunbelt, but the tech I got seemed to think I'd already identified the infected PC. I think the only way I'm likely to identify the machine in question is to boot off removable media and scan the hard drive of every machine that has been turned on during the time the infection was detected (about a dozen or two.) Do y'all know of any good free/trialware that one can download a bootable ISO for to scan for this bug?
>
> From: Cynicalgeek [mailto:cynicalg...@gmail.com]
> Sent: Thursday, October 06, 2011 3:16 PM
> To: NT System Admin Issues
> Subject: Re: Torpig/Anserin/Mebroot infection
>
> So you have no root cause but it is resolved?
>
> On Thu, Oct 6, 2011 at 2:57 PM, John Aldrich <jaldr...@blueridgecarpet.com> wrote:
>
> Nope. I managed to get the ASA logging to a Linux box successfully, but it's not showing any hits on the relevant IP address. *shrug* I don't know if running Malware Bytes on a few machines cleaned it or not. I didn't find anything major on those machines, so I doubt that was it. I suppose it could be a false-positive. Don't know.
>
> From: Roger Wright [mailto:rhw...@gmail.com]
> Sent: Thursday, October 06, 2011 12:03 PM
> To: NT System Admin Issues
> Subject: Re: Torpig/Anserin/Mebroot infection
>
> John,
>
> How'd you make out with this issue? Determine the source yet?
>
> Roger Wright
> ___
> My short term goal is to make it through the day.
> My long term goal is to string a bunch of short term goals together.
>
> On Mon, Oct 3, 2011 at 1:22 PM, John Aldrich <jaldr...@blueridgecarpet.com> wrote:
>
> So, our external IP is blacklisted because apparently one of our machines is infected with a banking Trojan. Short of going to each and every individual machine on the network, the only thing I can think of to do is to set up logging of the ASA to a syslog server. I have downloaded and installed a trial version of Kiwi syslog, but I can’t figure out how to configure it to forward the log files to my system.
>
> Anyone here able to provide a good how-to? I *did* Google, but apparently my Google-fu sucks, as I wasn’t able to find instructions that made sense to me.
>
> --
> -cynicalgeek-
> cynicalgeek<at>gmail.com
> --

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
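
Added example, not part of the thread: one way to do the log review discussed above, scanning ASA syslog output for internal hosts that touched watched C&C addresses. The watchlist holds placeholder documentation addresses, the RFC 1918 internal ranges are an assumption, and the sample lines are constructed, modeled on ASA 106023 (deny) and 302013 (connection built) messages.

```python
import ipaddress
import re
from collections import defaultdict

# Placeholder watchlist (RFC 5737 documentation addresses), not real C&C IPs.
WATCHLIST = {"203.0.113.10", "198.51.100.77"}
# Assumption: internal hosts use RFC 1918 space behind the ASA's NAT.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed sample lines modeled on ASA 106023 (deny) and 302013 (built) messages.
SAMPLE_LOG = """\
Oct  6 02:14:07 asa %ASA-4-106023: Deny tcp src inside:192.168.1.37/49201 dst outside:203.0.113.10/80 by access-group "inside_in" [0x0, 0x0]
Oct  6 02:14:09 asa %ASA-6-302013: Built outbound TCP connection 8841 for outside:192.0.2.5/443 (192.0.2.5/443) to inside:192.168.1.12/50311 (198.51.100.2/50311)
Oct  6 02:19:44 asa %ASA-4-106023: Deny tcp src inside:192.168.1.37/49207 dst outside:203.0.113.10/80 by access-group "inside_in" [0x0, 0x0]
Oct  6 03:02:51 asa %ASA-6-302013: Built outbound TCP connection 8907 for outside:198.51.100.77/8080 (198.51.100.77/8080) to inside:192.168.1.54/51122 (198.51.100.2/51122)
"""
MSG_ID = re.compile(r"%ASA-\d-(\d{6}):")
# interface:address/port pairs; NAT-mapped addresses in parentheses are skipped.
ENDPOINT = re.compile(r"\b[A-Za-z][\w-]*:(\d{1,3}(?:\.\d{1,3}){3})/(\d+)")

def is_internal(ip):
    """True if ip parses as IPv4 and falls inside one of the INTERNAL networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL)

def find_suspect_hosts(log_text, watchlist=WATCHLIST):
    """Return {internal_ip: [(msg_id, watched_ip, port), ...]} in log order."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        msg = MSG_ID.search(line)
        endpoints = ENDPOINT.findall(line)
        watched = [(ip, int(port)) for ip, port in endpoints if ip in watchlist]
        if not msg or not watched:
            continue
        for ip, _ in endpoints:
            if is_internal(ip):
                hits[ip].extend((msg.group(1), w_ip, w_port) for w_ip, w_port in watched)
    return dict(hits)

def allowed_through(hits):
    """Hosts with a 302013 (connection built) hit: the block did not apply."""
    return sorted(h for h, ev in hits.items() if any(m == "302013" for m, _, _ in ev))

if __name__ == "__main__":
    found = find_suspect_hosts(SAMPLE_LOG)
    for host, events in sorted(found.items()):
        print(host, len(events), "hit(s):", events)
    print("connections that were not blocked:", allowed_through(found))
```

A host listed only with 106023 entries was stopped by the block; a host returned by `allowed_through` reached a watched address, so the block did not cover that connection.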